icedid | 5e1da5c442ae61378d875bfb05cc46a672c7144f2c8e36b484fe0e81fcf0ae74

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 18:58

Target

JaffaCakes118_5e1da5c442ae61378d875bfb05cc46a672c7144f2c8e36b484fe0e81fcf0ae74.dll
Size

490KB
MD5

8e9792384a50779d8ce74b53f4e60826
SHA1

e9d43ad4226182b0989b7d4731011d491dcd2e77
SHA256

5e1da5c442ae61378d875bfb05cc46a672c7144f2c8e36b484fe0e81fcf0ae74
SHA512

4420e7e234982ce0d2e84f8880c64d3256c166eb66d99cc3b9f2cd8a56cb289d6675ca2d40fcc04e29287f34cef284834a71e3335327076801c7966cf449c915
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRV:knmj6xK1y3Ik6TZGRV

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2288	regsvr32.exe
2288	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e1da5c442ae61378d875bfb05cc46a672c7144f2c8e36b484fe0e81fcf0ae74.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2288

memory/2288-0-0x00000000004F0000-0x00000000004FE000-memory.dmp

Filesize
56KB

Download
memory/2288-1-0x00000000004F0000-0x00000000004FE000-memory.dmp

Filesize
56KB

Download